From 5791d2117cb6036cd198a06b93824c54cc672ce9 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 28 Dec 2017 13:18:15 +0200
Subject: [PATCH] GnuTLS: Make debug prints clearer for cert/key parsing

Indicate more clearly when the parsing succeeds to avoid ending the
debug prints with various internal GnuTLS internal error messages even
when the parsing actually succeeded in the end.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/crypto/tls_gnutls.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/crypto/tls_gnutls.c b/src/crypto/tls_gnutls.c
index b94f1ea75..da205a864 100644
--- a/src/crypto/tls_gnutls.c
+++ b/src/crypto/tls_gnutls.c
@@ -425,6 +425,13 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 					   gnutls_strerror(ret));
 				return -1;
 			}
+			wpa_printf(MSG_DEBUG,
+				   "GnuTLS: Successfully read CA cert '%s' in PEM format",
+				   params->ca_cert);
+		} else {
+			wpa_printf(MSG_DEBUG,
+				   "GnuTLS: Successfully read CA cert '%s' in DER format",
+				   params->ca_cert);
 		}
 	} else if (params->ca_cert_blob) {
 		gnutls_datum_t ca;
@@ -472,6 +479,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 	}
 
 	if (params->client_cert && params->private_key) {
+		wpa_printf(MSG_DEBUG,
+			   "GnuTLS: Try to parse client cert '%s' and key '%s' in DER format",
+			   params->client_cert, params->private_key);
 #if GNUTLS_VERSION_NUMBER >= 0x03010b
 		ret = gnutls_certificate_set_x509_key_file2(
 			conn->xcred, params->client_cert, params->private_key,
@@ -483,8 +493,9 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 			GNUTLS_X509_FMT_DER);
 #endif
 		if (ret < 0) {
-			wpa_printf(MSG_DEBUG, "Failed to read client cert/key "
-				   "in DER format: %s", gnutls_strerror(ret));
+			wpa_printf(MSG_DEBUG,
+				   "GnuTLS: Failed to read client cert/key in DER format (%s) - try in PEM format",
+				   gnutls_strerror(ret));
 #if GNUTLS_VERSION_NUMBER >= 0x03010b
 			ret = gnutls_certificate_set_x509_key_file2(
 				conn->xcred, params->client_cert,
@@ -501,11 +512,19 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn,
 					   gnutls_strerror(ret));
 				return ret;
 			}
+			wpa_printf(MSG_DEBUG,
+				   "GnuTLS: Successfully read client cert/key in PEM format");
+		} else {
+			wpa_printf(MSG_DEBUG,
+				   "GnuTLS: Successfully read client cert/key in DER format");
 		}
 	} else if (params->private_key) {
 		int pkcs12_ok = 0;
 #ifdef PKCS12_FUNCS
 		/* Try to load in PKCS#12 format */
+		wpa_printf(MSG_DEBUG,
+			   "GnuTLS: Try to parse client cert/key '%s'in PKCS#12 DER format",
+			   params->private_key);
 		ret = gnutls_certificate_set_x509_simple_pkcs12_file(
 			conn->xcred, params->private_key, GNUTLS_X509_FMT_DER,
 			params->private_key_passwd);